The Kubernetes kubelet's dockershim sets oom_score_adj for the docker processes to -999 to protect them from getting killed:
https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/cm/container_manager_linux.go#L774-L796
However other CRIs like containerd, kubelet does not know about the names of the processes or their pid and hence does NOT set the oom_score_adj:
kubernetes/kubernetes#86420
The guidance from the containerd folks is for packagers/admins to do this themselves:
containerd/containerd#3901
Since we ship containerd by default and we install containerd in all our images, we should set this ourselves by default in image-builder itself.
One pattern of setting this using ansible is (found quickly using google search as i don't know much about ansible, so there may be other patterns):
https://chuckyz.wordpress.com/2016/12/28/centos-7-disabling-oomkiller-for-a-process/
Let's please do this!
The Kubernetes kubelet's dockershim sets
oom_score_adjfor the docker processes to-999to protect them from getting killed:https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/cm/container_manager_linux.go#L774-L796
However other CRIs like containerd, kubelet does not know about the names of the processes or their pid and hence does NOT set the oom_score_adj:
kubernetes/kubernetes#86420
The guidance from the containerd folks is for packagers/admins to do this themselves:
containerd/containerd#3901
Since we ship containerd by default and we install containerd in all our images, we should set this ourselves by default in image-builder itself.
One pattern of setting this using ansible is (found quickly using google search as i don't know much about ansible, so there may be other patterns):
https://chuckyz.wordpress.com/2016/12/28/centos-7-disabling-oomkiller-for-a-process/
Let's please do this!